DETAILED ACTION

1. This action is in response to communication: RCE filed on 02/10/2009.

2. Claims 18, 19, 21, 22, 25-27, 29, 30, 34, 38-41, and 43-46 are currently pending
in this application. 

3. No new IDS has been received on this application. 

Election/Restrictions 

4. This application contains claim drawn to an invention nonelected with traverse in 
the reply filed on 02/10/2009. A complete reply to the final rejection must include 
cancellation of nonelected claims or other appropriate action (37 CFR 1.144). See
MPEP § 821.01.

Response to Arguments 

5. Applicant's arguments with respect to the claims have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Objections 

6. The previous claim objections have been withdrawn in response to applicant's 
amendment. 

Claim Rejections - 35 USC §112 

7. The previous 112 rejections have been withdrawn in response to applicant's 
amendments. 



Application/Control Number: 10/619,352 
Art Unit: 2434 






Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 18, 19, 21, 25-27, 38, 39, and 45-46 are rejected under 35 U.S.C. 103(a) 
as being anticipated by Simon et al. US Patent Application Publication 2003/0093691 
(hereinafter Simon), in view of Maufer et al. US Patent Application Publication 
2003/0233576 (hereinafter Maufer).

As per claim 18, Simon teaches a method of providing redundancy in a security 
processing system comprising: establishing a first secure packet flow through a first
(paragraph 70 and 95) security processor (paragraphs 50, 51, 59); updating security
association information associated with the first secure packet flow (paragraphs 59, 79,
80); establishing a second secure packet flow through a second processor (paragraphs
70 and 95) security processor (50, 51, 59, Figure 1, as these processes take place on
multiple edge routers); updating security association information associated with the
second secure packet flow (paragraphs 50, 51, 59, and Figure 1, as these processes
take place on multiple edge routers); sending the updated security association 
information associated with the first secure packet flow from the first security processor 
to the second security processor at a first predefined interval (paragraphs 60, 64, 66, 
70, 74, and 82, wherein paragraphs 70 and 82 teaches that information may be 
distributed directly between edge routers, as it is advantageous to combine the
functions of a cryptographic node with an edge router; also discussed in detail in
paragraphs 72-73); sending the updated security association information associated
with the second secure packet flow for the second security processor to the first security
processor at a second predefined interval (paragraphs 60, 65, 66, 70, 74, and 82,
wherein paragraphs 70 and 82 teaches that information may be distributed directly 
between edge routers; also, Figure 1, wherein it shows multiple edge routers, and 
wherein the paragraphs teach that the edge routers send each other the updated SA 
information; also discussed in detail in paragraphs 72 and 73); storing the updated 
security information associated with the first secure packet flow and the updated 
security association information associated with the second secure packet flow in the 
first security processor and in the second security processor (paragraphs 64-66 and 
70). 

However, at the time of the invention, Simon does not explicitly teach when 
packets are sent when a sequence number in the security association information 
associated with the first secure packet flow reaches a first predefined value. However,
Maufer teaches this, such as in paragraph 88, and teaches that these sequence 
numbers are associated with a first secure packet flow (paragraph 88). 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Simon and Maufer references to teach sending packets after a 
sequence number reaches a first predefined value. One of ordinary skill in the art would 
have been motivated to perform such an addition to increase security and provide
integration so that systems are compatible with IPSec's security algorithms (paragraph
13 of Maufer).

As per claim 19, Simon teaches wherein the rerouting step is in response to a 
failure of packet flow through the first security processor (abstract, paragraph 79, 
paragraph 95). 

As per claim 21, Maufer teaches wherein the sequence number in the security
association information associated with the first secure packet flow is incremented when
a packet in the first secure packet flow is received from or transmitted to a network
(paragraph 88). 

As per claim 25, Simon teaches generating at least one configuration 
packet including the security association information, wherein the sending step 
comprises sending the at least one configuration packet (paragraphs 54-55). 

As per claim 26, Simon teaches sending, by a host processor, configuration 
information to the first security processor and the second security processor 
(paragraphs 32-37, 55, 56, 57). 

As per claim 27, Simon teaches sending, by a host processor, security 
association configuration information to the first security processor and the second 
security processor (paragraphs 32-35, 37, 55, 56, 57). 

Claim 38 is rejected using the same basis of arguments used to reject claim 18
above.

As per claim 39, Simon teaches at least one host processor connected to the at
least one switch for terminating or initiating the first packet flow and the second packet 
flow (paragraph 43, Figure 3). 

As per claim 45, Simon teaches rerouting the secure packet flow to flow through
the second security processor instead of the first (paragraph 70, abstract, and
paragraph 95).

As per claim 46, Simon teaches at least one host processor for establishing a 
first packet flow to a first security processor and a second packet flow to a second 
security processor (throughout the reference, and for example, paragraphs 70-73).

10. Claims 22 and 29-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over Simon
and Maufer as applied above, and in view of Xiong et al. US Patent Application 
Publication 2003/0061507 (hereinafter Xiong). 

As per claim 22, Simon in view of Maufer does not explicitly teach wherein the
security association information associated with the first secure packet flow comprises
at least one byte count. However, Xiong teaches this in paragraph 23.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include a sequence number with a security association. One of ordinary skill 
in the art would have been motivated to perform such an addition, as sequence 
numbers are commonly associated with security associations. This is taught in 
paragraph 23 of Xiong. Also, by incorporating sequence numbers, the transmissions
are more secure, as they prevent replay attacks (also found in paragraph 23). 

As per claim 29, Simon teaches defining an interval at which to update the 
security association information in paragraphs 79-80. Xiong teaches defining a quantity 
to adjust a sequence number in paragraph 23 (this is also taught by Maufer in
paragraph 88). Xiong also teaches determining whether to send the security 
association information according to a comparison of a sequence number with the 
interval in paragraph 23. Although it does not teach a second processor, Simon 
teaches incorporating sending security associations to second security processors. 
Further, as taught by both Xiong and Maufer, the security association information is 
associated with secure packet flows.

As per claim 34, Xiong teaches sending replay window information to the second 
security processor (paragraph 23, in combination with the Simon reference 
incorporating the second security processor). 

11. Claims 40, 41, 43, and 44 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Simon and Maufer as applied above, and in view of Rosenow et al. 
US Patent No. 5,022,076 (hereinafter Rosenow). 

As per claim 40, Simon teaches changing the routing of packet flow by either 
routing the first packet flow to the second security processor instead of the first security 
processor or routing the second packet flow to the first security processor instead of the 
second security processor (paragraphs 72, 73, 75, 76, and 77). However, Simon as
modified by Maufer does not explicitly teach wherein the one host processor changes 
the routing of the packet flow. However, routing processes from one processor to 
another processor is well known in the art, as taught by Rosenow. Rosenow teaches 
throughout the reference the routing of processes from one processor to another 
processor, such as in the abstract and in col. 23 lines 59 to col. 24 line 11.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Rosenow reference with the Simon and Maufer combination. 
One of ordinary skill in the art would have been motivated to perform such an addition to 
provide more reliability by creating a fault tolerant system. This is taught throughout 
Rosenow, such as in the abstract and col. 4 lines 15-61.

As per claim 41, Rosenow teaches wherein the change in the routing is in
response to a failure of the first packet flow through the first security processor or the 
second flow through the second security processor (abstract; col. 23 line 59 to col. 24 
line 11). Also, this is taught in Simon's abstract, paragraph 79, and paragraph 95. 

Claim 43 is rejected using the same basis of arguments used to reject claim 40
above.

Claim 44 is rejected using the same basis of arguments used to reject claim 40 
above (it routes to whatever processor is working).



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
12. 

13. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to JASON K. GEE whose telephone number is (571) 272-6431.
The examiner can normally be reached on M-F, 7:00 am to 4:30 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Jason Gee 
Patent Examiner 
Technology Center 2400 
04/02/2009 

/Kambiz Zand/ 



Supervisory Patent Examiner, Art Unit 2434 



